Better logging

kris6673 · Feb 7, 2024 · cc3135c · cc3135c
1 parent 9956cdd
commit cc3135c
Showing 1 changed file with 39 additions and 27 deletions.
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableBasicAuthSMTP.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableBasicAuthSMTP.ps1
@@ -4,43 +4,55 @@ function Invoke-CIPPStandardDisableBasicAuthSMTP {
     Internal
     #>
     param($Tenant, $Settings)
+    $CurrentInfo = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-TransportConfig'
+    $SMTPusers = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-CASMailbox' -cmdParams @{ ResultSize = 'Unlimited' } | Where-Object { ($_.SmtpClientAuthenticationDisabled -eq $false) }
+
     If ($Settings.remediate) {
 
-        # Disable SMTP Basic Authentication for the tenant
-        try {
-            $Request = New-ExoRequest -tenantid $Tenant -cmdlet 'Set-TransportConfig' -cmdParams @{ SmtpClientAuthenticationDisabled = $true }
-            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled SMTP Basic Authentication' -sev Info
-        } catch {
-            Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable SMTP Basic Authentication: $($_.exception.message)" -sev Error
-        }
-
-        # Disable SMTP Basic Authentication for all users
-        $SMTPusers = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-CASMailbox' -cmdParams @{ ResultSize = 'Unlimited' } | Where-Object { ($null -ne $_.SmtpClientAuthenticationDisabled) }
-        $SMTPusers | ForEach-Object {
+        if ($CurrentInfo.SmtpClientAuthenticationDisabled -and $SMTPusers.Count -eq 0) {
+            Write-LogMessage -API 'Standards' -tenant $tenant -message 'SMTP Basic Authentication for tenant and all users is already disabled' -sev Info
+        } else {
+            # Disable SMTP Basic Authentication for the tenant
             try {
-                New-ExoRequest -tenantid $Tenant -cmdlet 'Set-CASMailbox' -cmdParams @{ Identity = $_.Identity; SmtpClientAuthenticationDisabled = $null } -UseSystemMailbox $true
-                Write-LogMessage -API 'Standards' -tenant $tenant -message "Disabled SMTP Basic Authentication for $($_.DisplayName), $($_.PrimarySmtpAddress)" -sev Info
+                New-ExoRequest -tenantid $Tenant -cmdlet 'Set-TransportConfig' -cmdParams @{ SmtpClientAuthenticationDisabled = $true }
+                Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled SMTP Basic Authentication' -sev Info
             } catch {
-                Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable SMTP Basic Authentication for $($_.DisplayName), $($_.PrimarySmtpAddress). Error: $($_.exception.message)" -sev Error
-
+                Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable SMTP Basic Authentication: $($_.exception.message)" -sev Error
+            }
+
+            # Disable SMTP Basic Authentication for all users
+            $SMTPusers | ForEach-Object {
+                try {
+                    New-ExoRequest -tenantid $Tenant -cmdlet 'Set-CASMailbox' -cmdParams @{ Identity = $_.Identity; SmtpClientAuthenticationDisabled = $null } -UseSystemMailbox $true
+                    Write-LogMessage -API 'Standards' -tenant $tenant -message "Disabled SMTP Basic Authentication for $($_.DisplayName), $($_.PrimarySmtpAddress)" -sev Info
+                } catch {
+                    Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable SMTP Basic Authentication for $($_.DisplayName), $($_.PrimarySmtpAddress). Error: $($_.exception.message)" -sev Error
+
+                }
             }
         }
     }
-
 
-    # This is ugly but done to avoid a second call to the Graph API
-    if ($Settings.alert -or $Settings.report) {
-        $CurrentInfo = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-TransportConfig'
-
-        if ($Settings.alert) {
-            if ($CurrentInfo.SmtpClientAuthenticationDisabled) {
-                Write-LogMessage -API 'Standards' -tenant $tenant -message 'SMTP Basic Authentication is disabled' -sev Info
+    if ($Settings.alert) {
+        if ($CurrentInfo.SmtpClientAuthenticationDisabled -and $SMTPusers.Count -eq 0) {
+            Write-LogMessage -API 'Standards' -tenant $tenant -message 'SMTP Basic Authentication for tenant and all users is disabled' -sev Info
+        } else {
+            
+            if ($CurrentInfo.SmtpClientAuthenticationDisabled -eq $false) {
+                $LogMessage = 'SMTP Basic Authentication for tenant is not disabled. '
             } else {
-                Write-LogMessage -API 'Standards' -tenant $tenant -message 'SMTP Basic Authentication is not disabled' -sev Alert
+                $LogMessage = 'SMTP Basic Authentication for tenant is disabled. '
             }
+            if ($SMTPusers.Count -ne 0) {
+                $LogMessage += "SMTP Basic Authentication for $($SMTPusers.Count) users is not disabled"
+            } else {
+                $LogMessage += 'SMTP Basic Authentication for all users is disabled'
+            }
+            Write-LogMessage -API 'Standards' -tenant $tenant -message $LogMessage -sev Alert
         }
-        if ($Settings.report) {
-            Add-CIPPBPAField -FieldName 'DisableBasicAuthSMTP' -FieldValue [bool]$CurrentInfo.SmtpClientAuthenticationDisabled -StoreAs bool -Tenant $tenant
-        }
+    }
+
+    if ($Settings.report) {
+        Add-CIPPBPAField -FieldName 'DisableBasicAuthSMTP' -FieldValue [bool]$CurrentInfo.SmtpClientAuthenticationDisabled -StoreAs bool -Tenant $tenant
     }
 }